You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+27-2Lines changed: 27 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -113,8 +113,6 @@ A slightly more complicated example, changes the docroot owner/group from the de
113
113
docroot_group => 'third',
114
114
}
115
115
```
116
-
For details on using the Shibboleth module (a.k.a. `mod_shib`) see [the Shibboleth README](README.mod_shib.md)
117
-
118
116
119
117
To set up a virtual host with SSL and default SSL certificates
120
118
@@ -550,6 +548,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl
550
548
*`rewrite`
551
549
*`rpaf`*
552
550
*`setenvif`
551
+
*`shib`* (see [`apache::mod::shib`](#class-apachemodshib) below)
553
552
*`speling`
554
553
*`ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below)
555
554
*`status`*
@@ -697,6 +696,12 @@ AddHandler php5-script .php
697
696
AddType text/html .php',
698
697
}
699
698
```
699
+
####Class: `apache::mod::shib`
700
+
701
+
Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
702
+
703
+
Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances.
704
+
700
705
####Class: `apache::mod::ssl`
701
706
702
707
Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults:
@@ -1706,6 +1711,26 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array
1706
1711
}
1707
1712
```
1708
1713
1714
+
######`shib_request_setting`
1715
+
1716
+
Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
1717
+
1718
+
```puppet
1719
+
apache::vhost { 'secure.example.net':
1720
+
docroot => '/path/to/directory',
1721
+
directories => [
1722
+
{ path => '/path/to/directory',
1723
+
shib_require_setting => 'requiresession 1',
1724
+
shib_use_headers => 'On',
1725
+
},
1726
+
],
1727
+
}
1728
+
```
1729
+
1730
+
######`shib_use_headers`
1731
+
1732
+
When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
1733
+
1709
1734
######`ssl_options`
1710
1735
1711
1736
String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost.
0 commit comments